There's been an interesting discussion on the OpenID mailing lists the past few days stemming from my post Seven sites you didn’t know were using OpenID. The main argument is that because many of these sites aren't letting people use any OpenID, that we shouldn't be promoting them. To me this ste...

There's been an interesting discussion on the OpenID mailing lists the past few days stemming from my post Seven sites you didn’t know were using OpenID. The main argument is that because many of these sites aren't letting people use any OpenID, that we shouldn't be promoting them. To me this ste...

There's been an interesting discussion on the OpenID mailing lists the past few days stemming from my post Seven sites you didn’t know were using OpenID. The main argument is that because many of these sites aren't letting people use any OpenID, that we shouldn't be promoting them. To me this stems from a deeper question about what OpenID actually is. On one hand OpenID is clearly a technology. Created in 2005, OpenID 1.1 allowed for basic authentication of people who were represented by profile URLs across the web. But OpenID 2.0 is a pretty different technological beast. It supported both URLs and XRIs which made discovery overly complex, features such as clicking a button to sign in versus typing a full URL, and was designed to be extensible which led to richer profile data and stronger authentication. Today OpenID... Continue reading

I think that you may be misunderstanding how I was describing discovery for OpenID Connect. I used the example of davidrecordon.com to show that it absolutely must be decentralized and support the ability for anyone to host their identity anywhere they'd like (including on their own server!). While I believe that many people will choose to use larger services, the ability to run your own OpenID server is absolutely critical. (This is similar to email today; anyone can run an email server but the vast majority of people trust large services to host theirs.)
As I think multiple people have explained to you in the past, the OpenID Foundation does not run an OpenID Provider on openid.net or any other domain. You must contact the provider you were using and not us!

One of OpenID's innovations was the idea of every user being represented by a URL. This immediately made the protocol decentralized and helped to provide context for every user across the web. What become clear to me over the past few months is that while this was an important step forward, there...

The past twenty days have been a real whirlwind in terms of new sites adopting OpenID for sign in. Some of the larger deployments have made the news (Google and Yahoo! Store), but here are seven others you’ve likely not heard about. — OpenID Blog Continue reading

For the underlying user identifier, take a look at http://lists.openid.net/pipermail/openid-specs-connect/2010-August/000005.html which is what's hopefully the start of a great discussion on the working group about the exact topic you raised.
Yep, the profile URL isn't something you're directly proving control over unlike in OpenID 1.0 and 2.0. It would be returned via the user info API but is worth calling out in this context as it was previously thought of as the main identifier in OpenID.

One of OpenID's innovations was the idea of every user being represented by a URL. This immediately made the protocol decentralized and helped to provide context for every user across the web. What become clear to me over the past few months is that while this was an important step forward, there...

What was the # used for? OpenID 2.0 used it to version identifiers but it was a pretty big hack that never worked in reality. That's one of the reasons I think that we should separate profile URLs (where you care about recycling the namespace) from the underlying user identifier which should be HTTPS and never reassigned.

One of OpenID's innovations was the idea of every user being represented by a URL. This immediately made the protocol decentralized and helped to provide context for every user across the web. What become clear to me over the past few months is that while this was an important step forward, there...

I'm up in Portland today at the first Federated Social Web Summit and there have been a number of interesting presentations about open source projects trying to build interoperable social experiences. The morning has also been fairly packed with emerging technology buzzword bingo. At times it felt as if people were starting with the technologies and protocols and only then trying to find a product that needs PubSubHubbub enabled JSON hCards federated via OStatus! The Diaspora talk jumped out to me as they twice said, "we've implemented this product feature as a prototype, it works, and now we want to talk about the standard version of it." That's the right way to build standards. Have a product problem, solve it, and then iterate with others on an open specification. But most importantly, don't be afraid of starting over (while learning... Continue reading

Kevin Marks and I were talking about Mark's book a bit last night. First of all, it's awesome! It's the most approachable resource for web developers around HTML5.
That said, it still doesn't seem like what is included in Mark's book is an authoritative definition of "HTML5". For example, it includes Microdata and doesn't mention "HTML5 Notifications".
Someone other than browser vendors' marketing teams need to define what technologies are a part of HTML5 for web developers based on what is actually supported by the major browsers in non-beta releases. Obviously this definition will evolve over time.

Earlier this weekend, Christopher Blizzard wrote about how there's not one easy answer as to what HTML5 actually is. While I don't agree with placing all of the blame on Google, I certainly agree that there needs to be a simple answer as to what, "support HTML5!" means. Not just for browser vend...

While treating HTML5 as a broad umbrella brand helps everyone feel like there's a chance to have their problem solved as a part of it, website owners aren't clear on what's worth shipping when. As an outsider it feels like having a simple "implement this stuff to make your website support HTML5" page based on what non-beta versions of browsers have shipped would be incredibly useful. Continue reading

"Sometimes I put my log in information into the register fields." "Me too! I hate that not only do I feel stupid, I have to retype everything again." For one of my side projects, Leafy Chat, we have just added the concept of user accounts. This includes the need for registration and log in (as w...